User Manual
Table Of Contents
- Contents
- Chapter 1 About This Manual
- Chapter 2 Introduction
- About the NETGEAR ProSafe 802.11g Wireless Access Point WG302
- Key Features
- AutoCell-The Self-Organizing Wireless Network
- 802.11g Standards-based Wireless Networking
- Autosensing Ethernet Connections with Auto Uplink
- Compatible and Related NETGEAR Products
- System Requirements
- What’s In the Box?
- Hardware Description
- Front Panel
- Rear Panel
- Chapter 3 Basic Installation and Configuration
- Wireless Equipment Placement and Range Guidelines
- Cabling Requirements
- Default Factory Settings
- Understanding WG302 Wireless Security Options
- Installing the WG302 Wireless Access Point
- Logging in to the WG302 Using Its Default IP Address
- Basic IP Settings
- Wireless Settings
- Security Profiles
- Before You Change the SSID and WEP Settings
- Setting up and Testing Basic Wireless Connectivity
- Configuring the Radius Server Settings
- Configuring Network Authentication
- Entering WEP Data Encryption Keys
- Restricting Wireless Access by MAC Address
- Chapter 4 Management
- Remote Management
- Using the Secure Telnet Interface
- How to Use the CLI via the Console Port
- CLI Commands
- SNMP Remote Management
- Viewing the Activity Log
- Viewing General Information
- Viewing Statistics
- Viewing the Available Wireless Station List
- Upgrading the Wireless Access Point Firmware
- Configuration File Management
- Backing up and Restoring the Configuration
- Erasing the Configuration
- Using the Reset Button to Restore Factory Default Settings
- Changing the Administrator Password
- AutoCell Rogue AP Detection
- AutoCell Rogue Station Detection
- Chapter 5 Advanced Configuration
- Understanding Advanced IP Settings for Wireless Clients
- Configuring Advanced Wireless LAN Settings
- AutoCell Overview
- AutoCell Configuration Options
- Auto RF Management
- Wi-Fi Multimedia (WMM) Setup
- Hotspot Settings
- Configuring Wireless LAN Parameters
- Wireless Bridging and Repeating
- Point-to-Point Bridge Configuration
- Multi-Point Bridge Configuration
- Repeater with Wireless Client Association
- Configuring NAT
- Configuring QoS Queues
- Setting up Guest Access
- Chapter 6 Troubleshooting
- No lights are lit on the access point.
- The Wireless LAN activity light does not light up.
- The LAN light is not lit.
- I cannot access the Internet or the LAN with a wireless capable computer.
- I cannot connect to the WG302 to configure it.
- When I enter a URL or IP address I get a timeout error.
- Using the Reset Button to Restore Factory Default Settings
- Appendix B Wireless Networking Basics
- Wireless Networking Overview
- Infrastructure Mode
- Ad Hoc Mode (Peer-to-Peer Workgroup)
- Network Name: Extended Service Set Identification (ESSID)
- Authentication and WEP Data Encryption
- 802.11 Authentication
- Open System Authentication
- Shared Key Authentication
- Overview of WEP Parameters
- Key Size
- WEP Configuration Options
- Wireless Channels
- WPA and WPA2 Wireless Security
- How Does WPA Compare to WEP?
- How Does WPA Compare to WPA2 (IEEE 802.11i)?
- What are the Key Features of WPA and WPA2 Security?
- Is WPA/WPA2 Perfect?
- Product Support for WPA/WPA2
- Appendix C Command Line Reference
Reference Manual for the NETGEAR ProSafe 802.11g Wireless Access Point WG302
B-14 Wireless Networking Basics
v0.1, December 2005
If configured to implement dynamic key exchange, the 802.1x authentication server can return
session keys to the access point along with the accept message. The access point uses the session
keys to build, sign and encrypt an EAP key message that is sent to the client immediately after
sending the success message. The client can then use contents of the key message to define
applicable encryption keys. In typical 802.1x implementations, the client can automatically change
encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough
time to crack the key in current use.
Temporal Key Integrity Protocol (TKIP). WPA uses TKIP to provide important data
encryption enhancements including a per-packet key mixing function, a message integrity check
(MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a
re-keying mechanism. TKIP also provides for the following:
• The verification of the security configuration after the encryption keys are determined.
• The synchronized changing of the unicast encryption key for each frame.
• The determination of a unique starting unicast encryption key for each preshared key
authentication.
Michael. With 802.11 and WEP, data integrity is provided by a 32-bit integrity check value (ICV)
that is appended to the 802.11 payload and encrypted with WEP. Although the ICV is encrypted,
you can use cryptanalysis to change bits in the encrypted payload and update the encrypted ICV
without being detected by the receiver.
With WPA, a method known as Michael specifies a new algorithm that calculates an 8-byte
message integrity check (MIC) using the calculation facilities available on existing wireless
devices. The MIC is placed between the data portion of the IEEE 802.11 frame and the 4-byte ICV.
The MIC field is encrypted together with the frame data and the ICV.
Michael also provides replay protection. A new frame counter in the IEEE 802.11 frame is used to
prevent replay attacks.
AES Support for WPA2. One of the encryption methods supported by WPA2 is the advanced
encryption standard (AES), although AES support will not be required initially for Wi-Fi
certification. This is viewed as the optimal choice for security conscience organizations, but the
problem with AES is that it requires a fundamental redesign of the NIC hardware in both the
station and the access point. TKIP is a pragmatic compromise that allows organizations to deploy
better security while AES capable equipment is being designed, manufactured, and incrementally
deployed.